Skip to content

🚚 release#519

Closed
mfiedorowicz wants to merge 56 commits into
releasefrom
develop
Closed

🚚 release#519
mfiedorowicz wants to merge 56 commits into
releasefrom
develop

Conversation

@mfiedorowicz
Copy link
Copy Markdown
Member

@mfiedorowicz mfiedorowicz commented Apr 17, 2026

No description provided.

mfiedorowicz and others added 30 commits January 19, 2026 10:41
@mfiedorowicz
fix: make index creation idempotent in entity hash lookup migration (#…
65f8aee 
…463)

Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
@mfiedorowicz
chore: update CODEOWNERS (#465)
83b7a57
@mfiedorowicz
feat(matching): add fuzzy string matching package (#464)
f84c30c
@mfiedorowicz
feat(protograph): add entity mapping code generator (#466)
1e9ab2d
@mfiedorowicz
feat(db): add graph tables migration for entity storage (#467)
488ee9f
@mfiedorowicz
feat(db): add SQLC queries and generated code for graph tables (#468)
ff60ddc
@mfiedorowicz
feat(entitymatcher): add confidence-based entity matching package (#470)
f7f7d0f 
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
@mfiedorowicz
feat(reconciler): add GraphBuilder for recursive entity extraction (#471
343b589 
)
@mfiedorowicz
feat(reconciler): integrate graph DB with feature flag (#472)
41bd6e5
@mfiedorowicz
feat: list entities rpc (#473)
731ce14
@manrodrigues @mfiedorowicz
chore: Implement pytest in Diode (#469)
1f56d16 
Co-authored-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
@mfiedorowicz
feat(reconciler): add CreateEntity RPC for synchronous entity creation (
32e7242 
#474)
@manrodrigues
Chore: (OBS-1959) python linting (#475)
525476d
@mfiedorowicz
feat: add DeviceConfig (#476)
0ad24c0 
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
@paulstuart
add optional pprof listeners to servers
85a84d0
@paulstuart
include supporting file
eff7051
@paulstuart
use service configs to set auth endpoints
c750b7f
@paulstuart
restore removed return for early error
f0b5662
@paulstuart
feat: add optional pprof listeners to servers (#478)
caaa7ce 
Each service config has it's own pprof listener directive defaulting to localhost.
@mfiedorowicz
feat(graph): add metadata storage and lookup for entity matching (#480)
1fb551e
@paulstuart
remove defaults and allow distinct env names for each pprof env var
85ec6f2
@paulstuart
consistent naming for pprof var
a4fb468
@paulstuart
fix: remove defaults for pprof env var (#481)
78216d9
@paulstuart
fix erroneously updated doc
410af18
@paulstuart
fix: docs had wrong info for pprof env var (#482)
dce5917
@mfiedorowicz
refactor: graph package (#486)
f42de3b 
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
@mfiedorowicz
chore: remove CreateEntity and ListEntities RPCs from reconciler proto (
b56fb63 
#488)
@mfiedorowicz
refactor: graph pkg - Service reshape + ListNodes (#491)
4b2bac5
@dependabot
chore(deps): bump go.opentelemetry.io/otel/sdk from 1.36.0 to 1.40.0 …
d254bcd 
…in /diode-server in the go_modules group across 1 directory (#494)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@mfiedorowicz
fix: prevent infinite recursion in updateRefsInData (#495)
c8287b9 
Signed-off-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 17, 2026
edited
Loading

Vulnerability Scan: Passed — diode-ingester

Image: diode-ingester:scan

No vulnerabilities found.

Commit: 7a1c461

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 17, 2026
edited
Loading

Vulnerability Scan: Passed — diode-reconciler

Image: diode-reconciler:scan

No vulnerabilities found.

Commit: 7a1c461

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 17, 2026
edited
Loading

Vulnerability Scan: Passed — diode-auth

Image: diode-auth:scan

Source Library CVE Severity Installed Fixed Title
usr/bin/hydra github.com/docker/docker CVE-2026-34040 🟠 HIGH v28.3.3+incompatible 29.3.1 Moby: Moby: Authorization bypass vulnerability
usr/bin/hydra github.com/docker/docker CVE-2026-33997 🟡 MEDIUM v28.3.3+incompatible 29.3.1 moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plu
usr/bin/hydra github.com/go-jose/go-jose/v3 CVE-2026-34986 🟠 HIGH v3.0.4 3.0.5 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of
usr/bin/hydra github.com/jackc/pgx/v5 CVE-2026-33816 🔴 CRITICAL v5.7.5 5.9.0 github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability
usr/bin/hydra github.com/jackc/pgx/v5 CVE-2026-41889 ⚪ LOW v5.7.5 5.9.2 pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, ...
usr/bin/hydra go.opentelemetry.io/otel CVE-2026-29181 🟠 HIGH v1.40.0 1.41.0 OpenTelemetry-Go: multi-value baggage header extraction causes excessive alloc
usr/bin/hydra go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp CVE-2026-39882 🟡 MEDIUM v1.37.0 1.43.0 OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ...
usr/bin/hydra go.opentelemetry.io/otel/sdk CVE-2026-39883 🟠 HIGH v1.40.0 1.43.0 opentelemetry-go: BSD kenv command not using absolute path enables PATH hijackin
usr/bin/hydra stdlib CVE-2026-25679 🟠 HIGH v1.26.0 1.25.8, 1.26.1 net/url: Incorrect parsing of IPv6 host literals in net/url
usr/bin/hydra stdlib CVE-2026-27137 🟠 HIGH v1.26.0 1.26.1 crypto/x509: Incorrect enforcement of email constraints in crypto/x509
usr/bin/hydra stdlib CVE-2026-32280 🟠 HIGH v1.26.0 1.25.9, 1.26.2 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certific
usr/bin/hydra stdlib CVE-2026-32281 🟠 HIGH v1.26.0 1.25.9, 1.26.2 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certifica
usr/bin/hydra stdlib CVE-2026-32283 🟠 HIGH v1.26.0 1.25.9, 1.26.2 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key up
usr/bin/hydra stdlib CVE-2026-33810 🟠 HIGH v1.26.0 1.26.2 crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorr
usr/bin/hydra stdlib CVE-2026-27142 🟡 MEDIUM v1.26.0 1.25.8, 1.26.1 html/template: URLs in meta content attribute actions are not escaped in html/te
usr/bin/hydra stdlib CVE-2026-32282 🟡 MEDIUM v1.26.0 1.25.9, 1.26.2 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root
usr/bin/hydra stdlib CVE-2026-32288 🟡 MEDIUM v1.26.0 1.25.9, 1.26.2 archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously
usr/bin/hydra stdlib CVE-2026-32289 🟡 MEDIUM v1.26.0 1.25.9, 1.26.2 html/template: golang: html/template: Cross-Site Scripting (XSS) via improper co
usr/bin/hydra stdlib CVE-2026-27138 ⚪ LOW v1.26.0 1.26.1 crypto/x509: Panic in name constraint checking for malformed certificates in cry
usr/bin/hydra stdlib CVE-2026-27139 ⚪ LOW v1.26.0 1.25.8, 1.26.1 os: FileInfo can escape from a Root in golang os module

Commit: 7a1c461

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 17, 2026
edited
Loading

Go test coverage

STATUS ELAPSED PACKAGE COVER PASS FAIL SKIP
🟢 PASS 1.35s github.com/netboxlabs/diode/diode-server/auth 44.7% 42 0 0
🟢 PASS 0.98s github.com/netboxlabs/diode/diode-server/auth/cli 0.0% 0 0 0
🟢 PASS 1.02s github.com/netboxlabs/diode/diode-server/authutil 82.8% 5 0 0
🟢 PASS 0.20s github.com/netboxlabs/diode/diode-server/dbstore/postgres 0.0% 0 0 0
🟢 PASS 1.12s github.com/netboxlabs/diode/diode-server/entityhash 79.2% 13 0 0
🟢 PASS 1.14s github.com/netboxlabs/diode/diode-server/entitymatcher 82.8% 97 0 0
🟢 PASS 0.09s github.com/netboxlabs/diode/diode-server/errors 0.0% 0 0 0
🟢 PASS 1.17s github.com/netboxlabs/diode/diode-server/graph 52.0% 81 0 0
🟢 PASS 1.41s github.com/netboxlabs/diode/diode-server/ingester 79.1% 26 0 0
🟢 PASS 1.12s github.com/netboxlabs/diode/diode-server/matching 94.1% 66 0 0
🟢 PASS 1.08s github.com/netboxlabs/diode/diode-server/migrator 70.4% 4 0 0
🟢 PASS 6.32s github.com/netboxlabs/diode/diode-server/netboxdiodeplugin 83.0% 40 0 0
🟢 PASS 0.18s github.com/netboxlabs/diode/diode-server/pprof 0.0% 0 0 0
🟢 PASS 2.61s github.com/netboxlabs/diode/diode-server/reconciler 80.0% 87 0 0
🟢 PASS 1.02s github.com/netboxlabs/diode/diode-server/reconciler/applier 85.7% 1 0 0
🟢 PASS 0.10s github.com/netboxlabs/diode/diode-server/reconciler/changeset 0.0% 0 0 0
🟢 PASS 1.09s github.com/netboxlabs/diode/diode-server/reconciler/differ 63.8% 6 0 0
🟢 PASS 1.02s github.com/netboxlabs/diode/diode-server/server 85.7% 14 0 0
🟢 PASS 1.01s github.com/netboxlabs/diode/diode-server/strcase 100.0% 24 0 0
🟢 PASS 1.02s github.com/netboxlabs/diode/diode-server/telemetry 28.0% 26 0 0
🟢 PASS 1.01s github.com/netboxlabs/diode/diode-server/telemetry/otel 90.2% 25 0 0
🟢 PASS 0.10s github.com/netboxlabs/diode/diode-server/tls 0.0% 0 0 0
🟢 PASS 1.01s github.com/netboxlabs/diode/diode-server/version 100.0% 2 0 0

Total coverage: 57.4%

@github-advanced-security
Copy link
Copy Markdown

github-advanced-security AI commented Apr 17, 2026

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@dependabot @mfiedorowicz
chore(deps): bump github.com/jackc/pgx/v5 from 5.9.0 to 5.9.2 in /dio…
871ca67 
…de-server in the go_modules group across 1 directory (#520)

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Michal Fiedorowicz <mfiedorowicz@netboxlabs.com>
@CLAassistant
Copy link
Copy Markdown

CLAassistant commented May 10, 2026
edited
Loading

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
5 out of 6 committers have signed the CLA.

✅ mfiedorowicz
✅ manrodrigues
✅ paulstuart
✅ marc-barry
✅ MicahParks
❌ dependabot[bot]
You have signed the CLA already but the status is still pending? Let us recheck it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jajeffries jajeffries jajeffries approved these changes

@leoparente leoparente leoparente approved these changes

@ltucker ltucker Awaiting requested review from ltucker ltucker is a code owner

@MicahParks MicahParks Awaiting requested review from MicahParks MicahParks is a code owner

Assignees

@mfiedorowicz mfiedorowicz

Labels

build dependencies diode-chart diode-ingester diode-proto diode-reconciler diode-server documentation Improvements or additions to documentation github-actions go internal markdown python

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@mfiedorowicz @github-advanced-security @CLAassistant @jajeffries @leoparente @manrodrigues @paulstuart @marc-barry @MicahParks